[module]
desc = Logins
exec = /usr/share/epylog/modules/logins_mod.py
files = /var/log/merged/messages.log[.#.gz], /var/log/merged/secure.log[.#.gz]
enabled = yes
internal = yes
outhtml = yes
priority = 0

[conf]
##
# Only enable things useful for your configuration to speed things
# up. The more stuff you enable, the slower matching will be.
#
enable_pam = 1
enable_xinetd = 1
enable_sshd = 1
enable_uw_imap = 0
enable_dovecot = 0
enable_courier = 0
enable_imp = 0
enable_proftpd = 0
##
# This is a fun setting. You can list domains that are "safe" here.
# E.g. if your org's domain is example.com and you generally don't 
# expect logins from hosts in example.com domain to be suspicious, you
# can add "example.com$" as a safe domain. This way anyone logging in from
# a remote host not matching *.example.com will be flagged in red and the
# full hostname of the connecting machine will be printed in the report.
# List multiple values separated by comma.
# E.g.: safe_domains = example.com$, foo.edu$
# The default is .*, meaning all domains are considered safe. To turn
# this off specify something like:
# safe_domains = !.*
safe_domains = .*
##
# If you have too many systems, wide-scale probing may turn ugly. This
# will collapse the reports.
systems_collapse = 10


# comma/space separated list of users to ignore - unknown is the internal "no user given"
ignore_users = unknown 
# path to where we keep the logins db
loginsdb_path = /var/lib/epylog/logins_db.sqlite
# clean up entries in the db which are more than this many days old
remove_older_than = 14
# time fuzz - default time (in minutes) which is valid fuzzy match for a login to not be listed
time_fuzz = 60

